Information Processing Apparatus Capable of Backing Up and Restoring Key for Data Encryption and Method for Controlling the Same

PublishedFebruary 13, 2018

Assigneenot available in USPTO data we have

InventorsAkari Yasukawa

Technical Abstract

Patent Claims

15 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. An information processing apparatus comprising: a storage device configured to store data; an encryption chip mounted on a first board of the information processing apparatus, and configured to store an encryption key therein, the encryption chip encrypting data to be written into the storage device by using the encryption key, and decrypting data read from the storage device by using the encryption key; a nonvolatile memory mounted on a second board, and configured to store a backup encryption key; and a control unit configured to confirm whether the data stored in the storage device has been correctly decrypted by using the encryption key, and when the data has not been correctly decrypted, restore the backup encryption key to the encryption chip, and when the data has been correctly decrypted, back up the backup encryption key into the nonvolatile memory, wherein the nonvolatile memory stores predetermined identification information in association with the backup encryption key, wherein, the control unit acquires another identification information from a component to which the encryption key is restored when restoring the backup encryption key, and confirms whether the acquired another identification information is corresponding to the predetermined identification information stored in the nonvolatile memory, wherein, in a case where it is determined that the acquired another identification information is corresponding to the predetermined identification information stored in the nonvolatile memory, the restoring of the backup encryption key to the component is permitted, and in a case where it is determined that the acquired another identification information is not corresponding to the predetermined identification information stored in the nonvolatile memory, the restoring of the backup encryption key to the component is not permitted, and wherein the component has a new encryption chip to replace the encryption chip.

2. The information processing apparatus according to claim 1 , wherein the backup encryption key is the encryption key or information required to generate the encryption key.

3. The information processing apparatus according to claim 1 , wherein the control unit confirms whether the data stored in the storage device has been correctly decrypted by using the encryption key stored in the encryption chip at a time of activation.

4. The information processing apparatus according to claim 1 , wherein the control unit confirms whether the data stored in the storage device has been correctly decrypted by using the restored backup encryption key, and when the data has not been correctly decrypted, the control unit notifies of an error.

5. The information processing apparatus according to claim 1 , wherein the nonvolatile memory stores identification information of the information processing apparatus together with the backup encryption key, and wherein, the control unit acquires identification information when restoring the backup encryption key, and confirms whether the acquired identification information coincides with the identification information stored in the nonvolatile memory.

6. An information processing apparatus comprising: a storage device configured to store data; an encryption chip configured to store an encryption key and perform encryption processing on data to be written into the storage device, by using the encryption key; a nonvolatile memory configured to store a back-up of the encryption key; and a control unit configured to determine whether a component including the encryption chip and a component including the nonvolatile memory have been replaced respectively, and, based on a determination that the component including the encryption chip has been replaced, restore the encryption key backed up in the nonvolatile memory into an encryption chip after the replacement, and, based on a determination that the component including the nonvolatile memory has been replaced, back up the encryption key stored in the encryption chip into a nonvolatile memory after the replacement, wherein the nonvolatile memory stores predetermined identification information in association with the back-up of the encryption key, and wherein, the control unit acquires another identification information from the replaced component to which the back-up of the encryption key is restored when restoring the back-up of the encryption key, and confirms whether the acquired another identification information is corresponding to the predetermined identification information stored in the nonvolatile memory, and wherein, in a case where it is determined the acquired another identification information is corresponding to the predetermined identification information stored in the nonvolatile memory, the restoring of the back-up of the encryption key to the replaced component is permitted, and wherein, in a case where it is determined the acquired another identification information is not corresponding to the predetermined identification information stored in the nonvolatile memory, the restoring of the back-up of the encryption key to the replaced component is not permitted.

7. The information processing apparatus according to claim 6 , wherein the control unit confirms whether the data stored in the storage device can be correctly decrypted by using the encryption key, in order to determine whether the component including the encryption chip has been replaced.

8. The information processing apparatus according to claim 7 , wherein, after the control unit confirms that the data stored in the storage device can be correctly decrypted, when it is determined that the encryption key does not consistent with the backup encryption key, the control unit determines that the component including the nonvolatile memory has been replaced.

9. A method for controlling an information processing apparatus that stores an encryption key and a backup encryption key, into different components respectively, and that writes data encrypted by using the encryption key into a storage device, the method comprising: restoring, based on a replacement of the component in which the encryption key is stored, the backup encryption key into a component after the replacement; backing up, based on a replacement of the component in which the backup encryption key is stored, the encryption key as a backup encryption key to a component after the replacement; storing predetermined identification information in association with the back-up of the encryption key; and acquiring another identification information from the replaced component to which the back-up of the encryption key is restored when restoring the back-up of the encryption key, and confirming whether the acquired another identification information is corresponding to the stored predetermined identification information, wherein, in a case where it is determined the acquired another identification information is corresponding to the stored predetermined identification information, the restoring of the back-up of the encryption key to the replaced component is permitted, and wherein, in a case where it is determined the acquired another identification information is not corresponding to the stored predetermined identification information, the restoring of the back-up of the encryption key to the replaced component is not permitted.

10. The method according to claim 9 , further comprising: confirming whether the data stored in the storage device can be correctly decrypted by using the encryption key; and determining whether the component including the encryption chip has been replaced.

11. The method according to claim 10 , wherein, after the confirming confirms that the data stored in the storage device can be correctly decrypted, when it is determined that the encryption key does not consistent with the backup encryption key, the determining determines that the component has been replaced.

12. The method according to claim 9 , wherein the backup encryption key is the encryption key or information required to generate the encryption key.

13. The method according to claim 9 , wherein the confirming confirms whether the data stored in the storage device has been correctly decrypted by using the encryption key at a time of activation.

14. The method according to claim 9 , further comprising confirming whether the data stored in the storage device has been correctly decrypted by using the restored backup encryption key, and when the data has not been correctly decrypted, notifying of an error.

15. The method according to claim 9 , further comprising: storing identification information of the information processing apparatus together with the backup encryption key; and acquiring identification information when restoring the backup encryption key, and confirming whether the acquired identification information coincides with the identification information.

Patent Metadata

Filing Date

Unknown

Publication Date

February 13, 2018

Inventors

Akari Yasukawa

Want to explore more patents?

Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.

Browse All Patents Try Prior Art Search